Any
modern business has been dealing with IAM from day one. But now, with more
critical elements of business extending beyond the enterprise, access control complexity has been ramping up due to cloud, mobile, bring your own device (BYOD), and hybrid computing. And greater complexity forms a major deterrent to secure, governed, and managed control over who and what
can access your data and services -- and under what circumstances.

So
while cloud gets a lot of attention, those of us working with
enterprises daily know that the vast majority of businesses are, and
will remain, IT hybrids, a changing mixture of software as a service (SaaS), cloud, mobile, managed hosting models, and of course, on-premises IT systems.

We're
here with a Chief Technology Officer for a top IAM technology
provider to gain a deeper understanding of the various ways to best
deploy and control access management in this ongoing age of hybrid
business.

Gardner:
Darran, changes in IT are forcing a rethinking of
deployment models and in user behaviors. Therefore governance of
these critical business processes needs to adjust. But let’s just focus
on what does not change, despite this hybrid environment we now find
ourselves in. There must be
some basic, bedrock principles that we can look to that will guide us as
we're trying to better manage access and identity.

Rolls:
Absolutely, there are, and I think that will be a consistent topic of
our conversation today. It's something that we like to think of as the
core tenets of IAM. As you very eloquently pointed out in your
introduction, this isn't anything new. We've been struggling with
managing identity and security for some time. The changing IT
environment is introducing new challenges, but the underlying principles
of what we're trying to achieve have remained the same.

The idea of holistic management for identity is key.
There's no question about that, and something that we'll come back to is
this idea of the weakest link -- a very commonly understood security
principle. As our environment expands with cloud, mobile, on-prem, and
managed hosting, the idea of a weak point in any part of that environment
is obviously a strategic flaw.

As we like to say at
SailPoint, it’s an anywhere identify principle. That means all people --
employees, contractors, partners, customers, basically from any device,
whether you’re on a desktop, cloud, or mobile to anywhere. That includes
on-prem enterprise apps, SaaS apps, and mobile. It’s certainly our
belief that for any IAM technology to be truly effective, it has to span
all for all -- all access, all accounts, and all users; wherever they
live in that hybrid runtime.

Gardner: So we're in an environment now where we have to maintain those bedrock principles for true enterprise-caliber governance, security,
and control, but we have a lot more moving parts. And we have a
cavalcade of additional things you need to support, which to me, almost
begs for those weak links to crop up.

So how do you combine the two? How do you justify and reconcile these two realities -- secure and complex?

Addressing the challenge

Rolls:
One way comes from how you address the problem and the challenge. Quite often, I'm asked if there's a compromise here. If I
move my IAM to the cloud, will I still be able to sustain my controls
and management and do risk mitigation, which is what we were trying to
get to.

My advice is if you're looking at an identity-as-a-service (IDaaS)
solution that doesn’t operate in terms of sustainable controls and risk
mitigation, then stop, because controls and risk mitigation really are
the core tenets of identity management. It’s
really important to start a conversation around IDaaS by quite clearly
understanding what identity governance really is.

This
isn’t an occasional, office-use application.
This is critical security infrastructure. We very much have to remember
that identity sits at the center of that security-management lifecycle,
and at the center of the users’ experience. So it’s super important that
we get it right.

So in this respect, I like to think
that IDaaS is more of a deployment option than any form of a compromise.
There are a minimum set of table stakes that have to be in place. And,
whether you're choosing to deploy an IDaaS solution or an on-prem
offering, there should be no compromise in it.

We have
to respect the principles of global visibility and control, of
consistency, and of user experience. Those things remain true for cloud
and on-prem, so the song remains the same, so to speak. The IT
environment has changed, and the IAM solutions are changing, but the
principles remain the same.

Being more inclusive means that you need to have the best of all
worlds. You need to be able to be doing well on-premises as well as in
the cloud, and not either/or.

Also, to
your point, being more inclusive means that you need to have the best of
all worlds. You need to be able to be doing IAM well on-premises, as well as
in the cloud -- and not either/or.

Rolls: Most
of the organizations that I speak to these days are trying to manage a
balance between being enterprise-ready -- so supporting controls and
automation and access management for all applications, while being very
forward looking, so also deploying that solution from the cloud for cost and
agility reasons.

For these organizations, choosing
an IDaaS solution is not a compromise in risk mitigation, it’s a conscious
direction toward a more off-the-shelf approach to managing identity.
Look, everyone has to address security and user access controls, and
making a choice to do that as a service can’t compromise your position
on controls and risk mitigation.

Gardner: I
suppose the risk of going hybrid is that if you have somewhat of a distributed approach
to your IAM capabilities, you'll lose that all-important single view of management. I'd like to hear more, as we get into these
tenets, of how you can maintain that common control.

You have put in some serious thought into
making a logical set of five tenets that help people understand and deal
with these changeable markets. So let’s start going through those. Tell
me about the first tenet, and then we can dive in and maybe even hear
an example of where someone has done this right.

Focusing on identity

Rolls:
Obviously it would be easy to draw 10 or 20, but we like to try and
compress it. So there's probably always the potential for more. I
wouldn’t necessarily say these are in any specific order, but the first
one is the idea of focusing on the identity and not the account.

This
one is pretty simple. Identities are people, not accounts in an on-line
system. And something we learned early in the evolution of IAM was that
in order to gain control, you have to understand the relationships
between people -- identities, and their accounts, and between those
accounts and the entitlements and data they give access, too.

So
this tenet really sits at the heart of the IAM value proposition -- it's
all about understanding who has access to what, and what it really
means to have that access. By focusing on the identity -- and capturing all
of the relationships it has to accounts, to systems, and to data -- that helps
map out the user security landscape and get a complete picture of how
things are configured.

Gardner: If I understand
this correctly, all of us now have multiple accounts. Some of them
overlap. Some of them are private. Some of them are more business-centric. As we get into the Internet of Things, we're going to have another end-point tier associated with a user, or an identity, and that might be
sensors or machines. So it’s important to maintain the identity focus,
rather than the account focus. Did I get that right?

Rolls:
We see this today in classic on-prem infrastructure with system-shared
and -privileged accounts. They are accounts that are operated by the
system and not necessarily by an individual. What we advocate here, and
what leads into the second tenet as well, is this idea of visibility. You
have to have ownership and responsibility. You assign and align the
system and functional accounts with people that can have responsibility.

The consequences of not understanding and accurately managing those
identity and account relationships can be pretty significant.

In
the Internet of Things, I would by no means say that it's nothing new,
because if nothing else, it's potentially a new order of scale. But it's
functionally the same thing: Understanding the relationships.

For example, I want to tie my Nest
account back to myself or to some other individual, and I want to
understand what it means to have that ownership. It really is just more
of the same, and those principles that we have learned in enterprise IAM
are going to play out big time when everything has an identity in the Internet of Things.

Gardner: Any
quick examples of tenet one, where we can identify that we're having
that focus on the user, rather than the account, and it has benefited them?

Rolls:
For sure. The consequences of not understanding and accurately managing
those identity and account relationships can be pretty significant.
Unused and untracked accounts, something that we commonly refer to in
the industry as "orphan accounts," often lead to security breaches.
That’s why, if you look at the average identity audit practice, it’s
very focused on controls for those orphan accounts.

We
also know for a fact, based on network forensic analysis that happens
post-breach, that in many of the high-profile, large-scale security
breaches that we've seen over the last two to five years, the back door
is left open by an account that nobody owns or manages. It’s just there.
And if you go over to the dark side and look at how the bad guys
construct vulnerabilities, first things they look for are these
unmanaged accounts.

So it’s low-hanging fruit for IAM to better manage these accounts because the consequences can be fairly significant.

Tenet two

Gardner: Okay, tenet two. What’s next on your priority list?

Rolls: The next is two-fold. Visibility is king, and silos are bad. This is really two thoughts that are closely related.

The
first part is the idea that visibility is king, and this comes from the
realization that you have to be able to capture, model, and visualize
identity data before you have any chance of managing it. It’s like the
old saying that you can’t manage what you can’t measure.

It’s
same thing for identity. You can’t manage the access and security you
don’t see, and what you don’t see is often what bites you. So this tenet
is the idea that your IAM system absolutely must support this idea of
rapid, read-only aggregation of account and entitlement information as a
first step, so you can understanding the landscape.

The
second part is around the idea that silos of identity management can be
really, really bad. A silo here is a standalone IAM application or what
one might think of as a domain-specific IAM solution. These are things
like an IDaaS offering that only does cloud apps or an Active Directory-only
management solution, basically any IAM tool that creates a silo of
process and data. This isolation goes against the idea of visibility and
control that we just covered in the first tenant.

In education, we say "no child left behind." In identity, we say “no account left behind, and no system left behind.”

You
can’t see the data if its hidden in a siloed system. It’s isolated and
doesn't give you the global view you need to manage all identity for all
users. As a vendor, we see some real-world examples of this. SailPoint
just replaced a legacy-provisioning solution at a large US based bank,
for example, because the old system was only touching 12 of their core systems.

The legacy IAM system the bank had was a silo managing just the Unix
farm. It wasn't integrated and its data and use case wasn’t shared. The
customer needed a single place for their users to go to get access, and
a single point of password control for their on-prem Unix farm, and for
their cloud-based, front-end application. So today SailPoint’s IdentityNow provides that single view for them, and things are working
much better.

Gardner: It also reminds me
that we need to be conscious of supporting the legacy in the
older systems, recognizing that they weren't designed necessarily for
the reality we're in now. We also need to be flexible in the sense
of being future-proof. So it's having visibility across your models that are
shifting in terms of hybrid and cloud, but also visibility across the
other application sets and platforms that were never created with this
mixture of models that we are now supporting.

Rolls:
Exactly right. In education, we say "no child left behind." In
identity, we say “no account left behind, and no system left behind.” We
also shouldn’t forget there is a cost associated with maintaining those
siloed IAM tools, too. If the system only supports cloud, or only
supports on-prem, or managing identity for mobile, SaaS, or just one
area of the enterprise -- there’s cost. There's a real dollar cost for
buying and maintaining the software, and probably more importantly, a
soft cost in the end-user experience for the people that have to manage
across those silos. So these IAM silos are not only preventing
visibility and controls, but there is big cost here, a real dollar cost to
the business, as well.

Gardner: This gets
closer to the idea of a common comprehensive view of all the data
and all the different elements of what we are trying to manage. I think
that's also important.

Okay, number three. What are we
looking at for your next tenet, and what are the ways that we can
prevent any of that downside from it?

Complete lifecycle

Rolls: This tenet comes from the school of identity hard knocks,
and is something I’ve learned from being in the IAM space for the past
20 or so years -- you have to manage the complete lifecycle for both the
identity, and every account that the identity has access to.

Our
job in identity management, our “place” if you will in the security
ecosystem, is to provide cradle-to-grave management for corporate
account assets. It's our job to manage and govern the full lifecycle of
the identity -- a lifecycle that you’ll often hear referred to as JML,
meaning Joiners, Movers and Leavers.

As you might
expect, when gaps appear in that JML lifecycle, really bad things start
to happen. Users don’t get the system access they need to get their jobs
done, the wrong people get access to the wrong data and critical things
get left behind when people leave.

Maybe
the wrong people get access to the wrong data. They're in the Move
phase. Then things get left behind when people leave. You have to track
the account through that JML lifecycle. I avoid using the term "cradle
to grave," but that’s really what it means.

That’s a very big issue for most companies that we talked to. It’s captured in that lifecycle.

In general, worker populations are becoming more transient and work groups more dynamic.

Gardner:
So it’s not just orphan accounts, but it’s inaccurate or outdated
accounts that don’t have the right and up-to-date information. Those can
become back doors. Those can become weak links.

It
appears to me, Darran, that there's another element here in how our
workplace is changing. We're seeing more and more of what they call "contingent workforces," where people will come in as contractors or third-party suppliers for a brief period of time, do a job, and get out.

It’s
this lean, agile approach to business. This also requires a greater
degree of granularity and fine control. Do you have any thoughts about
how this new dynamic workforce is impacting this particular tenet?

Rolls:
It’s certainly increasing the pressure on IT to understand and manage
all of its population of users, whether they're short-term contractors
or long-term employees. If they have access to an asset that the
business owns, it’s the business's fiduciary duty to manage the
lifecycle for that worker.

In general, worker
populations are becoming more transient and work groups more dynamic.
Even if it’s not a new person joining the organization, we’re creating
and using more dynamic groups of people that need more dynamic systems
access.

It’s becoming increasingly important for
businesses today to be able to put together the access that people need
quickly when a new project starts and then accurately take it away when
the project finishes. And if we manage that dynamic access without a
high degree of assured governance, the wrong people get to the wrong stuff,
and valued things get left behind.

Old account

Quite
often, people ask me if it would really matter when the odd account
gets left behind, and my answer usually is: It certainly can. A textbook
example of this when a sales guy leaves his old company, goes to join a
competitor, and no one takes away his salesforce.com
account. He's then spends the next six months dipping into his old
company’s contacts and leads because he still has access to the
application in the cloud.

This kind of stuff happens
all the time. In fact, we recently replaced another IDaaS provider at a
client on the West Coast, specifically because “the other vendor” -- who
shall remain nameless -- only did just-in-time SAML
provisioning, with no leaver-based de-provisioning. So customers really
do understand this stuff and recognize the value. You have to support
the full lifecycle for identity or bad things happen for the customer
and the vendor.

Gardner: All right. We were
working our way through our tenets. We're now on number four. Is there a
logical segue between three and four? How does four fit in?

Rolls:
Number four, for me, is all about consistency. It talks to the fact
that we have to think of identity management in terms of consistency for
all users, as we just said, from all devices and accessing all of our
applications.

Practically speaking, this means that whether you sit with your Windows desktop in the office, or you are working from an Android tablet back at the house, or maybe on your smartphone
in a Starbucks drive-through, you can always access the applications
that you need. And you can consistently and securely do something like a
password reset, or maybe complete a quarterly user access certification
task, before hitting the road back to the office.

It’s very easy to think of consistency as just being in the IAM UI or
just in the device display, but it really extends to the identity API as well.

Consistency here means that you get the same basic user experience, and I use the term user experience
here very deliberately, and the same level of identity service,
wherever you are. It has become very, very important, particularly as we
have introduced a variety of incoming devices, that we keep our IAM
services consistent.

Gardner: It strikes me
that this consistency has to be implemented and enforced from the
back-end infrastructure, rather than the device, because the devices are
so changeable. We're even thinking about a whole new generation of
devices soon, and perhaps even more biometrics, where the device becomes an entry point to services.

Tell
me a bit about the means by which consistency can take place. This
isn't something you build into the device necessarily.

Rolls:
Yes, that consistency has to be implemented in the underlying service,
as you’ve highlighted. It’s very easy to think of consistency as just
being in the IAM UI or just in the device display, but it really extends
to the identity API
as well. A very good example to explore this concept of consistency of
the API, is to think like a corporate application developer and
consider how they look at consistency for IAM, too.

Assume
our corporate application developer is developing an app that needs to
carry out a password reset, or maybe it needs to do something with an
identity profile. Does that developer write a provisioning connector
themselves? Or should they implement a password reset in their own
custom code?

The answer is, no, they don’t roll their
own. Instead they should make use of the consistent API-level services
that the IAM platform provides -- they make calls to the IDaaS service. The IDaaS service is then responsible for doing the actual password
reset using consistent policies, consistent controls, and a consistent
level of business service. So, as I say, its about consistency for all
use cases, from all devices, accessing all applications.

Thinking about consistency

Gardner:
And even as we think about the back-end services support, that itself
also needs to extend to on-prem legacy, and also to cloud and SaaS. So
we're really thinking about consistency deep and wide.

Rolls:
Precisely, and if we don’t think about consistency for identity as a
services, we're never going to have control. And importantly, we're
never going to reduce the cost of managing all this stuff, and we're
never going to lower the true risk profile for the business.

Gardner:
We're coming up or our last tenet, number five. We haven't talked too much about the behavior, the
buy-in. You can lead a horse to water, but you can't make him drink.
This, of course, has an impact on how we enforce consistency across all
these devices, as well as the service model. So what do we need to do to
get user buy-in? How does number five affect that?

Rolls:
Number five, for me, is the idea that the end-user experience for
identity is everything. Once upon a time, the only user for identity
management was IT itself and identity was an IT tool for IT
practitioners. It was mainly used by the help desk
and by IT pros to automate identity and access controls. Fortunately,
things have changes a lot since then, both in the identity
infrastructure and, very importantly, in the end users’ expectations.

The expectation is to move the business user to self service for pretty
much everything, and that very much includes Identity Management as a
Service as well.

Today, IAM really sits front and center for the business users IT experience. When we think of something like single sign-on (SSO),
it literally is the front door to the applications and the services
that the business is running. When a line-of-business person sits down
at an application, they're just expecting seamless access via secured
single sing-on. The expectation is that they can just quickly and easily
get access to the things they need to get their job done.

They
also expect identity-management services, like password management,
access request, and provisioning to be integrated, intuitive, and easy
to use. So the way these identity services are delivered in the user
experience is very important.

Pretty much everything is
self-service these days. The expectation is to move the business user
to self-service for pretty much everything, and that very much includes
Identity Management as a Service (IDaaS) as well. So the UI just has to be done
right and the overall users’ experience has to be consistent, seamless,
intuitive, and just easy to deal with. That’s how we get buy-in for
identity today, by making the identity management services themselves
easy to use, intuitive, and accessible to all.

Gardner:
And isn’t this the same as saying making the governance infrastructure
invisible to the end user? In order to do that, you need to extend
across all the devices, all the deployment models, and the APIs, as well
as the legacy systems. Do you agree that we're talking about making it
invisible, but we can’t do that unless you're following the previous
four tenets?

Rolls: Exactly. There's been a lot
of industry conversation around this idea of identity being part of the
application and the users’ flow, and that’s very true. Some large
enterprises do have their own user-access portals, specific places that
you go to carry out identity-related activities, so we need integration
there. On the other hand, if I'm sitting here talking to you and I want
to reset my Active Directory password, I just want to pick up my iPhone
and do it right there, and that means secure identity API’s.

We
talked a good amount about the business user experience. It is very
important to realize that it’s not just about the end-user and the UI.
It also affects how the IDaaS service itself is configured, deployed,
and managed over time. This means the user experience for the system
owner, be that someone in IT or in the line of business -- it doesn’t
really matter who -- has to be consistent and easy to use and has to
lead to easier configuration, faster deployment, and faster time-to-value. We do that by making sure that the administration interface and
the API’s that support it are consistent and generally well thought out,
too.

Intersect between tenets

Gardner:
I can tell, Darran, that you've put an awful lot of thought into these
tenets. You've created them with some order, even though they're equally
important. This must be also part of how you set about your
requirements for your own products at SailPoint.

Tell
me about the intersect between these tenets, the marketplace, and what
SailPoint is bringing in order to ameliorate the issues that the problem
side of these tenets identify, but also the solution side, in terms of
how to do things well.

Rolls: You would expect
every business to say these words, but they have great meaning for us.
We're very, very customer focused at SailPoint. We're very engaged with
our customers and our prospects. We're continually listening to the
market and to what the buying customer wants. That’s the outside-in part
of the of the product requirements story, basically building solutions
to real customer problems.

Internally, we have a long
history in identity management at SailPoint. That shows itself in how we
construct the products and how we think about the architecture and the
integration between pieces of the product. That’s the inside-out part of
the product requirements process, building innovative products that
solutions that work well over time.

As SailPoint has strategically moved into the IDaaS space, we’ve brought
with us a level of trust, a breadth of experience, and a depth of IAM
knowledge.

So I guess that all really comes down
to good internal product management practices. Our product team has
worked together for a considerable time across several companies. So
that’s to be expected. It's fair to say that SailPoint is considered by
many in the industry as the thought leader on identity governance and
administration. We now work with some of the largest and most trusted
brand names in the world, helping them provide the right IAM
infrastructure. So I think we’re getting it right.

As
SailPoint has strategically moved into the IDaaS space, we’ve brought
with us a level of trust, a breadth of experience, and a depth of IAM
knowledge that shows itself in how we use and apply these tenets of
identity in the products and the solutions that we put together for our
customers.

Gardner: Now, we talked about the
importance of being legacy-sensitive, focusing on what the enterprise is
and has been and not just what it might be, but I'd like to think a
little bit about the future-proofing aspects of what we have been
discussing.

Things are still changing and, as we
said, there are new generations of mobile devices, more biometrics
perhaps doing away with passwords and identifying ourselves through the
device that then needs to filter back throughout the entire lifecycle of
IAM implications and end points.

So when you do this
well, if you follow the five tenets, if you think about them and employ
the right infrastructure to support governance in IAM for both the old
and the new, how does that set you up to take advantage of some of the
newer things? Maybe it’s big data, maybe it’s hybrid cloud, or maybe
it's agile business.

It seems to me that there's a virtuous adoption
benefit that when you do IAM well.

Changes in technologies

Rolls:
As you've highlighted, there are lots of new technologies out there
that are effecting change in corporate infrastructure. In itself, that
change isn’t new. I came into IT with the advent of distributed systems.
We were going to replace every mainframe. Mainframes were supposed to be dead, and it's kind of interesting that they're still here.

So
infrastructure change is most definitely accelerating, and the options
available for the average IT business these days -- cloud, SaaS and
on-prem -- are all blending together. That said, when you look below the
applications, and look at the identity infrastructure, many things
remain the same. Consider a SaaS app like Salesforce.com. Yes, it’s a
100 percent SaaS cloud application, but it still has an account for
every user.

I can provide you with SSO to your account
using SAML, but your account still has fine-grained entitlements that
need to be provisioned and governed. That hasn’t changed. All of the new
generation of cloud and SaaS applications require IAM. Identity is at
the center of the application and it has to be managed. If you adopt a
mature and holistic approach to that management you are in good stead.

If you're not on board, you'd better get on board, because the challenges for identity are certainly not going away.

Another great example are the mobile device management (MDM)
platforms out there -- a new piece of management infrastructure that
has come about to manage mobile endpoints. The MDM platforms themselves
have identity control interfaces. Its our job in IAM to connect with
these platforms and provide control over what’s happening to identity on
the endpoint device, too.

Our job in identity is to
manage identity lifecycles where ever they sit in the infrastructure. If
you're not on board, you'd better get on board, because the challenges
for identity are certainly not going away.

Interestingly,
I'm sometimes challenged when I make a statement like that. I’ll often
get the reply that "with SAML single sign-on, the the passwords go away
so the account management problem goes away, right?” The answer is that
no, they don’t. They're still accounts in the application
infrastructure. So good best practice identity and access management
will remain key as we keep moving forward.

Gardner:
And of course as you pointed out earlier, we can expect the scale of
what's going to be involved here to only get much greater.

Rolls: Yes, 100 percent.
Scale is key to architectural thinking when you build a solution today,
and we're really only just starting to touch where scale is going to go.

It’s very important to us at SailPoint, when we build
our solutions, that the product we deliver understands the scale of
business today and the scale that is to come. That affects how we design
and integrate the solutions, it affects how they are configured and how
they are deployed. It’s imperative to think scale -- that’s certainly
something we do.

Gardner: Very good. I'm afraid
we will have to leave it there. You've been listening to a sponsored
BriefingsDirect podcast discussion on new best practices for managing
the rapidly changing needs around identity and access management.

We’ve
seen how greater complexity is the chief detriment to secured,
governed, and responsive ID management. We've also seen how the
tried-and-true principles of ID are still there and need to be
maintained, even as we face greater scale and greater complexity across
more devices, tiers, and across the extended enterprise landscape.

So
I want to thank our guest, Darran Rolls, Chief
Technology Officer at SailPoint Technologies in Austin, Texas. Thank
you so much, Darran.

Rolls: Thank you, Dana, good speaking to you.

Gardner: This is Dana Gardner, Principal Analyst at Interarbor
Solutions. Thanks also to our audience for joining, and don’t forget to
come back to the next BriefingsDirect IT discussion.

Transcript
of a BriefingsDirect podcast on the basic tenets of identity and access
management in a rapidly changing and growing IT world. Copyright
Interarbor Solutions, LLC, 2005-2014. All rights reserved.

Friday, October 24, 2014

Transcript
of a BriefingsDirect podcast on how a major Russian bank is using HP
Vertica data analytics tools to provide up-to-the-minute information for top
executives to make better business decisions.

Dana Gardner: Hello, and welcome to the next edition of the HP Discover Podcast Series. I'm Dana Gardner, Principal Analyst at Interarbor Solutions,
your host and moderator for this ongoing sponsored discussion on IT
innovation and how it’s making an impact on people’s lives.

It was a very hard decision. We tried to refer to the
past experience from our team, from my side, etc. Everyone had some
negative experience with different solutions like Oracle, because there
was a big constraint.

We cannot integrate operational data storage and OLAP solutions. Why? Because there should be high transactional data put in the data warehouse (DWH), which in every case, was usually the biggest constraint to build high-transactional data storage.

Vertica
was a very good solution that removed this constraint. While selecting
Vertica, we were also evaluating different solutions like IBM. We
identified advantages of Vertica against IBM from two different
perspectives.

One was performance. The second was that
Vertica is cost-efficient. Since we were comparing Netezza (now part of IBM), we were
comparing not only software, but also software plus hardware. You can’t
build a cluster of Netezza custom-size. You can only build it with 32
terabytes, and so on.

Very efficient

We were also limited by the logistics of these buildings blocks, the so-called big green box of Netezza. In terms of Vertica, it's really efficient, because we can use any hardware.

So we calculated our total cost of ownership (TCO)
on a horizon of five years, and it was lower than if we built the data warehouse with
different solutions. This was the reason we selected Vertica.

From
the technical perspective and from the cost-efficient perspective,
there was a big difference in the business case. Our bank is not a classical
bank in the Russian market, because in our bank the technology team
leads the innovation, and the technology team is actually the influence-maker inside the business.

So, the business was with
us when we proposed the new data warehouse. We proposed to build the new
solution to collect all data from the whole of Russia and to organize via a
so-called continuous load. This means that within the day, we can show
all the data, what’s going on with the business operations, from all line of
business inside all of Russia. It sounds great.

When we were selecting HP Vertica, we selected not only Vertica, but the technical bundle. We also hosted the Replicator. We chose Oracle GoldenGate.

We selected the appropriate ETL
tool, and the BI front end. So all together, it was a technical bundle,
where Vertica was the middleware technical solution. So far, we have
build a near-real-time DWH, but we don’t call it near-real-time; we call
it "just-in-time, because we want to be congruent with the
decision-making process. We want to influence the business to let them
think more about their decisions and about their business processes.

Everything appears really quick and it's actually influencing business to make decisions, to think more, and to think fast.

As
of now, I can show all data collected and put inside the DWH within 15
minutes and show the first general process in the bank, the process of
the loan application. I can show the number of created applications,
plus online scoring and show how many customers we have at that moment
in each region, the amounts, the average check, the approval rate, and
the booking rate. I can show it to the management the same day, which is
absolutely amazing.

The tricky part is what the
business will do with this data. It's tricky, because the business was
not ready for this. The business was actually expecting that they could
run a script, go to the kitchen, make a coffee, and then come back.

But,
boom, everything appears really quickly, and it's actually influencing the
business to make decisions, to think more, and to think fast. This, I believe, is the biggest challenge, to grow business analytics inside the
business for those who will be able to use this data.

As of now,
we are setting the pilot stage, the pilot phase of what we call business activity monitoring (BAM). This is actually a
funny story, because this is the same term referenced in Russia to Baikal-Amur Mainline (BAM), a huge railroad across the whole country that
connects all the cities. It's kind of our story, too; we connect all departments
and show the data in near real-time.

Next phase

In
this case, we're actually working on the next phase of BAM, and we're
trying to synchronize the methodology across all products, across all
departments, which is very hard. For example, approval rates could be
calculated differently for the credit cards or for the cash loans
because of the process.

Since we're trying to
establish a BI function almost from ground zero, HP Vertica is only the
technical side. We need to think more about the educational side, and we
need to think about the framework side. The general framework that
we're trying to follow, since we're trying to build a BI function, is a
United Business Glossary (or accepted services directory), first of all.

It's obvious
to use Business Glossary and to use a single term to refer to the same
entity everywhere. But it is not happening as of now, because the
business unit is still trying to use different definitions. I think it's
a common problem everywhere in the business.

The
second is to explain that there are two different types of BI tools. One
is BI for the data mart, a so-called regular report. Another tool is a
data discovery tool. It's the tool for the data lab (i.e. mining tool).

So
we differentiate data lab from data mart. Why? Because we're trying to
build a service-oriented model, which in the end produces analytical
services, based on the functional map.

When you're
trying to answer the question using some analytics, actually it is a
regular question, this is tricky. All the questions that are raised by
the business, by any business analyst, are regular questions; they are
fundamental.

The correct way to develop an analytical
service is to collect all these questions into kind of a question
library. You can call it a functional map and such, but these questions,
define the analytical service for those functions.

For
example, if you're trying to produce cost control, what kind of
business questions do you want to answer? What kind of business
analytics or metrics do you want to bring to the end-users? Is this
really mapped to the question raised, or you are trying to present
different analytics? As of now, we feel it's difficult to present this
approach. And this is the first part.

The second part
is a data lab for ad hoc data discovery. When, for example, you're trying
to produce a marketing campaign for the customers, trying to produce
customer segments, trying to analyze some great scoring methodology, or
trying to validate scientific expectations, you need to produce some
research.

It's not a regular activity. It's more ad
hoc analysis, and it will use different tools for BI. You can’t combine
all the tools and call it a universal BI tool, because it doesn't work
this way. You need to have a different tool for this.

Creating a constraint

This
will create a constraint for the business users, because they need some
education. In the end, they need to know many different BI tools.

This
is a key constraint that we have now, because end-users are more
satisfied to work with Excel, which is great. I think it's the most
popular BI data discovery tool in the world, but it has its own
constraints.

I love Microsoft. Everyone loves Microsoft, but there are different beautiful tools like TIBCO Spotfire, for example, which combines MATLAB, R, and so on. You can input models of SAS and so on. You can also write the scripts inside it. This is a brilliant data discovery tool.

But
try to teach this tool to your business analyst. In the beginning, it's
hard, because it's like a J curve. They will work through the valley of
despair, criticizing it. "Oh my God, what are you trying to create,
because this is a mess from my perspective?" And I agree with them in
the beginning, but they need to go through this valley of despair,
because in the end, there will be really good stuff. This is because of
the cultural influence.

This
will create a constraint for the business users, because they need
some education. In the end, they need to know many different BI tools.

Gardner:
Tell me, Alexei, what sort of benefits have you been able to
demonstrate to your banking officials, since you've been able to get
this near real-time, or just-in-time analytics -- other than the fact that
you're giving them reports? Are there other paybacks in terms of business metrics of success?

Blagirev:
First of all, we differentiate our stakeholders. We have top management
stakeholders, which is the board. There are the middle-level
stakeholders, which are our regional directors.

I'll
start from the bottom, and the regional directors. They just open the
dashboard. They don’t click anything or refresh. They just see that they
have data and analytics, what’s going on in their region.

They
don’t care about the methodology, because there is BAM, and they just
use figures for decision making. You don’t think about how it got there,
but you think about what to do with these figures. You focus more on
your decision, which is good.

They start to think more
on their decision and they start to think more on the processing side.
We may show, for example, that at 12 o’clock our stream of cash loan
applications went down. Why? I have no idea. Maybe they all went out for
dinner. I don’t know.

But nobody says that. They say,
"Alexei, something is happening." They see true figures and they know
they are true figures. They have instruments to exercise operational
excellence. This is the first benefit.

Top management

The
second, is top management. We had a management board where everyone
came and showed different figures. We'd spend 30 minutes, or maybe hour,
just debating which figures were true. I think this is a common
situation in Russian banks, and maybe not only banks.

Now,
we can just open the report, and I say, "This is a single report,
because it shows intra-day figures and shows this metrics, it was
calculated according to methodology." We actually linked the time of
calculation, which shows that this KPI,
for example, was calculated at 12 o’clock. You can take figures at 12
o’clock, and if you don’t believe them, you can ask the auditors to
repeat calculation, and it will be the same way.

Nobody
cares about how to calculate the figures. So they started to think
about what methodology to apply to the business process. Actually, this
is reverse of the focus from the outside, focusing on what’s going on
with our business process. This is the second benefit.

Gardner:
Any other advice that you would give to organizations who are beginning
a process toward BI?

Try
to disclose all your company and software vision, because Vertica or
other BI tools are only a part. Try to see all the company's lines, all
information.

Blagirev: First of all,
don’t be afraid to make mistakes. It's a big thing, and we all forget
that, but don’t be afraid. Second, try to create your own vision of
strategy for at least one year.

Third, try to disclose
all your company and software vision, because HP Vertica or other BI tools
are only a part. Try to see all the company's lines, all information,
because this is important. You need to understand where the value is,
where is the shareholder value is lost, or are you creating the value
for the shareholder. If the answer is, yes, don’t be afraid to protect
your decision and your strategy, because otherwise in the end, there
will be problems. Believe me.

As Gandhi mentioned, in the beginning everyone laughs, then they begin hating you, and in the end, you win.

Gardner:
With your business activity monitoring, you've been able to change
business processes, influence the operations, and maybe even the culture
of the organization, focusing on the now and then the next set of
processes. Doesn’t this give you a competitive advantage over
organizations that don’t do this?

Blagirev: For
sure. Actually, this gives a competitive advantage, but this
competitive advantage depends on the decision that you're making. This
actually depends on everyone in the organization.

Understanding
this brings a new value to the business, but this depends on the final
decision from people who sit in the position. Now, those people
understand. They're actually handling the business and they see how
they're handling the business.

I can compare the solution to other banks. I have been working for Société Générale and for the Alfa-Bank, which is the largest bank in Russia. I've been the auditor of financial services in PwC. I saw the different reporting and different processes, and I can say that this solution is actually unique in the market.

Why?
It shows congruent information in near real-time, inside the day, for
all the data, for the whole of Russia. Of course, it brings benefit, but
you need to understand how to use it. If you don’t understand how to
use this benefit, it's going to be just a technical thing.

Gardner:
Very good. I'm afraid we will have to leave it there. We've been
hearing about how Otkritie Bank in Moscow has increased and improved its
business-activity monitoring and we've heard how that’s helped them improve their business and become more competitive.

Transcript
of a BriefingsDirect podcast on how a major Russian bank is using HP
Vertica data analytics tools to provide up-to-the-minute information for top
executives to make major business decisions. Copyright Interarbor Solutions,
LLC, 2005-2014. All rights reserved.

Businesses of all stripes rate the need to move
faster as a top priority, and many times, that translates into the need
for better and faster IT projects. But traditional IT processes and
disjointed project management don't easily afford rapid, agile, and
adaptive IT innovation.

The good news is that a new
wave of ITSM technologies and methods allow for a more rapid ITSM
adoption -- and that means better rapid support of agile business
processes.

To help us explore a practical guide to
fast ITSM adoption as a foundation for overall business agility, please
join me in welcoming our panel, John Stagaman, Principal Consultant at Advanced MarketPlace based in Tampa, Florida. Welcome, John.

Gardner: John Stagaman, let me start with you. We hear a lot, of course, about the faster pace of business, and cloud and software as a service (SaaS)
are part of that. What, in your mind, are the underlying trend or
trends that are forcing IT's hand to think differently, behave
differently, and to be more responsive?

Stagaman:
If we think back to the typical IT management project historically,
what happened was that, very often, you would buy a product. You would
have your requirements and you would spend a year or more tailoring and
customizing that product to meet your internal vision of how it should
work. At the end of that, it may not have resembled the product you
bought. It may not have worked that well, but it met all the
stakeholders’ requirements and roles, and it took a long time to deploy.

That level of customization and tailoring resulted in
a system that was hard to maintain, hard to support, and especially
hard to upgrade, if you had to move to a new version of that product
down the line. So when you came to a point where you had to upgrade,
because your current version was being retired or for some other reason,
the cost of maintenance and upgrade was also huge.

It
was a lesson learned by IT organizations. Today, saying that it will
take a year to upgrade, or it will take six months to upgrade, really
gets a response. Why should it? There's been a change in the way it’s
approached with most of the customers we go on-site to now. Customers
say we want to use out of box, it used to be, we want to use out of box,
and sometimes it still happens that they say, and here’s all the things
we want that are not out of box.

But they've gotten
much better at saying they want to start from out of box, leverage that,
and then fill in the gaps, so that they can deploy more quickly.
They're not opening the box, throwing it away, and building something
new. By working on that application foundation and extending where
necessary, it makes support easier and it makes the upgrade path to
future versions easier.

Moving faster

Gardner: It sounds like moving toward things like commodity hardware and open-source
projects and using what you can get as is, is part of this ability to
move faster. But is it the need to move faster that’s driving this or
the ability to reduce customization? Is it a chicken and egg? How does
that shape up?

Engstrom: I think that the old
use case of "design, customize, and implement" is being forced out as an
acceptable approach, because SaaS, platform as a service (PaaS),
and the cloud are driving the ability for stakeholders. Stakeholders
are retiring, and fresher sets of technologies and experiences are
coming in. These two- and three-year standup projects are not
acceptable.

If you're not able to do fast time-to-value, you're
not going to get funding. Funding isn’t in the $8 million and $10
million tranches anymore; it’s in the $200,000 and $300,000 tranche.
This is having a direct effect on on-premise tools, the way the
customers are planning, and OPEX versus CAPEX.

Gardner:
Philipp, how do you come down on this? Is this about doing less
customization or doing customization later in the process and,
therefore, more quickly?

Koch: I don't think
it's about the customization element in itself. It is actually more
that, in the past, customers reacted. They said they wanted to tailor
the tool, but then they said they wanted this and they took the software
off the shelf and started to rebuild it.

Now with the
SaaS tool offerings coming into play, you can’t do that anymore. You
can't build your ITSM solution from scratch. You want be able to take it
according to use case and adjust it with customization or
configuration. You don’t want to be able to tailor.

But customization happens while you deploy the
project and that has to happen in a faster way. I can only concur with
all the other things that have already been said. We don't have huge
budgets anymore. IT, as such, never had huge budgets, but, in the past,
it was accepted that a project like this took a long time to do.
Nowadays, we want to have implementations of weeks. We don’t want to
have implementations of months anymore.

Gardner:
Let’s just unpack a little bit the relationship between ITSM and IT
agility. Obviously, we want things to move quickly and be more
predictable, but what is it about moving to ITSM rapidly that benefits?
And I know this is rather basic, but I think we need to do it just for
all the types of listeners we have.

Back to you, John.
Explain and unpack what we mean by rapid ITSM as a means to better IT
performance and rapid management of projects.

Best practices

Stagaman:
For an organization that is new to ITSM processes, starting with a
foundational approach and moving in with an out-of-box build helps them
align with best practice and can be a lot faster than if they try to
develop from scratch. SaaS is a model for that, because with SaaS you're
essentially saying you're going to use this standard package.

The
standard package is strong, and there's more leverage to use that. We
had a federal customer that, based on best practice, reorganized how
they did all their service levels.
Those service levels were aligned with services that allowed them, for
the first time, to report to their consuming bureaus the service levels
per application that those bureaus subscribed to. They were able to
provide much more meaningful reporting.

They wouldn’t
have done that necessarily if the model didn't point in that direction.
Previously, they hadn't organized their infrastructure along the lines
to say, "We provide these application services to our customer."

Gardner:
Erik, how do see the relationship between rapid and better ITSM and
better IT overall performance? Are there many people struggle with this
relationship?

Engstrom: Our approach at
Effectual, what we focus on, is the accountability of data and the
ability for an organization to reduce waste through using good data.
We're not service [process] management experts, in that we are going to
define a best practice; we are strictly on “here is the best piece of
data everyone on your team is working [with] across all tools.” In that
way, what our customers are able to see is transparency. So data from
one system is available on another system.

Those kinds of mistakes are reduced when you share across tools. So that’s our focus and that’s where we're seeing benefit.

What
that means is that you see a lot more reduction in types of servers
that are being taken offline when they're the wrong server. We had a
customer bring down their [whole] retail zone of systems that the same
team had just stood up the week before. Because of the data being good,
and the fact they were using out-of-the-box features, they were able to
reduce mistakes and business impact they otherwise would not have seen.

Had
they stayed with one tool or one silo of data, it’s only one source of
opinion. Those kinds of mistakes are reduced when you share across
tools. So that’s our focus and that’s where we're seeing benefit.

Gardner:
Philipp, can you tell us why rapid ITSM has a powerful effect here in
the market? But, before we get into that and how to do it, why is rapid
ITSM so important now?

Koch: What we're seeing
in our market is that customers are demanding service like they're
getting at home at the end of the day. This sounds a little bit
cliché-like, but they would like to get something ordered on the
Internet, have it delivered 10 minutes later, and working half an hour
later.

If we're talking about doing a classical waterfall approach to projects as was done 5 or 10 years ago, we're talking about months, and that’s not what the customer wants.

IT
is delivering that. In a lot of organizations, IT is still fairly slow
in delivering bigger projects, and ITSM is considered a bigger project.
We're seeing a lot of shadow IT
appearing, where business units who are demanding that agility are not
getting it from IT, So they're doing it themselves, and then we have a
big problem.

Counter the trend

With
rapid ITSM, we can actually counter that trend. We can go in and give
our customers what's needed to be able to please the business demand of
getting something fast. By fast, we're talking about weeks now. We're of
course not talking 10 minutes in project sizes of an ITSM
implementation, but we can do something where we're deploying a SaaS
solution.

We can have it ready for production after a
week or two and get it into use. Before, when we did on-premise or when
we did tailoring from scratch, we were talking months. That’s a huge
business advantage or business benefit of being able to deliver what the
business units are asking for.

Gardner: John
Stagaman, what holds back successful rapid ITSM approach? What hinders
speed, why has it been months rather than days typically?

Stagaman:
Erik referenced one thing already. It has to do with the quality of
source data when you go to build a system. One thing that I've run into
numerous times is that there is often an assumption that finding all the
canonical sources of data for just the general information that you
need to drive your IT system is already available and it’s easy to
populate. By that I mean things like, what are our locations, what are
our departments, who are our people?

The other major thing that I run into that introduces risks into a project is when requirements aren't really requirements.

I'm
not even getting to the point of asking what are our configuration
items and how are they related? A lot of times, the company doesn't have
a good way to even identify who a person is uniquely over time, because
they use something with their name. They get married, it changes, and
all of a sudden that’s not a persistent ID.

One thing
we address early is making sure that we identify those gold sources of
data for who and what, for all the factual data that has to be loaded to
support the process.

The other major thing that I run
into that introduces risks into a project is when requirements aren't
really requirements. A lot of times, when we get requirements, it’s a
bunch of design statements. Those design statements are about how they
want to do this in the tool. Very often, it’s based on how the tool
we're replacing worked.

If you don't go through those
and say that this is the statement of design and not a statement of
functional requirement and ask what is it that they need to do, it makes
it very hard to look at the new tools you're deploying to say that this
new tool does that this way. It can lead to excess customization,
because you're trying to meet a goal that isn’t consistent with how your
new product works.

Those are two things we usually do
very early on, where we have to quality check the requirements, but
those are also the two things that most often will cause a project to
extend or derail.

Koch: I agree with what John says. That’s definitely something that we see when we meet customers.

Other areas that I see are more towards the execution of the projects itself. Quite often, customers know what agile
is, but they don’t understand it. They say they're doing something in
an agile way. Then, they show us a drawing that has a circle on it and
then they think they are agile.

When you start to actually work with them, they're still in the old waterfall approach of stage gates, and milestones.

So,
you're trying to do rapid ITSM implementation that follows agile
principles, but you're getting stuck by internal unawareness or
misunderstanding what this really means. Therefore, you're struggling
with doing an agile implementation, and they become non-agile by doing
this. That, of course, delays projects.

Quite often, we
see that. So in the beginning of the projects, we try to have a
workshop or try to get the people to understand what it really means to
do an agile project implementation for an ITSM project. That’s one
angle.

They should be asking whether it's easy to tailor the solution. It doesn’t really matter how.

The
other angle, which I also see quite often, goes into the area of the
requirements, the way John had described them. Quite often, those
requirements are really features, as in they are hidden features that
the customer wants. They are turned into some sort of requirements to
achieve that feature. But very seldom do we see something that actually
addresses the business problem.

They should not really
care if you can right-click in the background and add a new field to
this format. That’s not what they should be asking for. They should be
asking whether it's easy to tailor the solution. It doesn’t really
matter how. So that’s where quite often you're spending a lot of time
reading those requirements and then readjusting them to match what you
really should be talking about. That, of course, delays projects.

In
a nutshell, we technology guys, who work with this on a daily basis,
could actually deliver projects faster if we could manage to get the
customers to accept the speed that we deliver. I see that as a problem.

Gardner:
So being real about agile, having better data, knowing more about what
your services are and responding to them are all part of overcoming the
inertia and the old traditional approaches. Let’s look more deeply into
what makes a big difference as a solution in practice.

Erik
Engstrom, what helps get agile into practice? How are we able to
overcome the drawbacks of over-customization and the more linear
approach? Do you have any thoughts about moving towards a solution?

Maturity and integration

Engstrom:
Our approach is to provide as much maturity, and as complete an
integration as possible, on day one. We've developed a huge amount of
libraries of different packages that do things such as to advance the
tuning of a part of a tool, or to advance the integration between tools.
Those represent thousands of hours that can be saved for the customer.
So we start a project with capabilities that most projects would arrive at.

This
allows the customer to be agile from day one. But it requires that
mentality that both Philipp and John were speaking about, which is, if
there’s a holdout in the room that says “this is the way you want
things,” you can’t really work with the tools the way that they
[actually] do work. These tools have a lot of money and history behind
them, but one person’s vision of how the tools should work can derail
everything.

We ask customers to take a look at an
interoperable functioning matured system once we have turned the lights
on, and have the data moving through the system. Then they can start to
see what they can really do.

It’s a shift in thinking
that we have covered well over the last few minutes, so I won't go into
it. But it's really a position of strength for them to say, "We've
implemented, we’ve integrated. Now, where do we really want to go with
this amazing solution?

So
the faster we can help customers start to see a working system with
their data, the easier it is to start to move and maintain an agile
approach.

Gardner: What is it about the
new toolset that’s allowing this improvement, the pre-customization
approach? How does the technology come to bear on what’s really a very
process-centric endeavor?

Engstrom: There are
certain implementation steps that every customer, every project, must
undergo. It’s that repetition that we're trying to remove from the
picture. It’s the struggle of how to help an organization start to
understand what the tools can do. What does it really look like when
people, party, location, and configuration information is on hand?
Customers can’t visualize it.

So the faster we can
help customers start to see a working system with their data, the easier
it is to start to move and maintain an agile approach. You start to
say, "Let’s keep this down to a couple of weeks of work. Let us show it
to you. Let’s visit it."

If we're faster as
consultancies, if we're not taking six months, if we're not taking two
months and we can solve these things, they'll start to follow our lead.
That’s essential. That momentum has to be maintained through the whole
project to really deliver fast.

Gardner: John
Stagaman, thoughts about moving fast, first as consultants, but then
also leveraging the toolsets? What’s better about the technology now
that, in a sense, changes this game too?

Very different

Stagaman:
In the ITSM space, the maturity of the product out of box, versus 10
years ago, is very different. Ten or 15 years ago, the expectation was
that you were going to customize the whole thing.

There
would be all these options that were there so you could demo them, but
they weren’t necessarily built in a cohesive way. Today, the tools are
built in different ways so that it's much closer to usable and
deployable right out of the box.

The newest versions
of those tools very often have done a much better job of creating
broadly applicable process flow, so that you can use that same out of
the box workflow if you're a retailer, a utility, or want to do some
things for the HR call center without significant change to the core
workflow. You might need to have the specific data fields related to
your organization.

And, there's more. We can start from this ITSM framework that’s embedded and extend it where we need to.

Gardner:
Philipp, thoughts about what’s new and interesting about tools, and
even the SaaS approach to ITSM, that drives, from the technology
perspective, better results in ITSM?

Koch:
I'll concur with John and Erik that the tools have changed drastically.
When I started in this business 10 or 15 years ago, it was almost like
the green screens of computers that slide through when you look for the
ITSM solution.

If you’re looking at ITSM solutions today, they're web based. They're Web 2.0 technology, HTML5, and responsive UIs.
It doesn’t really matter which device you use anymore, mobile phone,
tablet, desktop, or laptop. You have one solution that looks the same
across all devices. A few years ago, you had to install a new server to
be able to run a mobile client, if it even existed.

So,
the demand has been huge for vendors to deliver upon what the need is
today. That has drastically changed in regards to technology, because
technology nowadays allows us, and allows the vendors, to deliver up on
how it should be.

We want Facebook. We want to Tweet. We want an Amazon- or a Google-like
behavior, because that’s what we get everywhere else. We want that in
our IT tools as well, and we're starting to see that coming into our IT
tools.

In the past we had rule sets, objects, and
conditions towards objects, but it wasn’t really a workflow engine.
Nowadays, SaaS solutions, as well as on-premise solutions, have workflow
engines that can be adjusted and tailored according to the business
needs.

No difference

You’re
relying on a best practice. An incident management process flow is an
incident management process flow. There really is no difference no
matter which vendor you go to, they all look the same, because they
should. There is a best practice out there or a good practice out there.
So they should look the same.

The only adjustments
that customers will have to do is to add on that 10-20 percent that is
customer-specific with a new field or a specific approval that needs to
be put in between. That can be done with minimal effort when you have
workflow engine.

Looking at this from a SaaS
perspective, you want this off the shelf. You want to be able to
subscribe to this on the Internet and adjust it in the evening, so when
you come back the next day and go to work, it's already embedded in the
production environment. That's what customers want.

Gardner:
Now if we’ve gotten a better UI and we're more ubiquitous with who can
access the ITSM and how, maybe we've also muddied the waters about that
data, having it in a single place or easily consolidated. Let’s go back
to Erik, given that you are having emphasis on the data.

When
we look at a new-generation ITSM solution and practice, how do we
assure that the data integrity remains strong and that we don't lose
control, given that we're going across peers of devices and across a
cloud and SaaS implementations? How do we keep that data whole and
central and then leverage it for better outcomes?

Engstrom: The concept of services and the way that service management is done is really around services. If we think about ITIL and the structure of ITIL [without getting into too many acronyms] the ability to take Services, Assets, and Configuration Management information, [and to have] all of that be consistent, it needs to be the same.

A platform that doesn't have really good bidirectional working data integrations with things like your asset tool or your DCIM tool or your UCMDB tool or your – wherever it is your data is coming from-- the data needs to be a primary focus for the future.

Because we're talking about a system [UCMDB] that can not only discover things and manage computers, but what about the Internet of Things?
What about cloud scenarios, where things are moving so quickly that
traditional methods of managing information whether it would be a
spreadsheet or even a daily automated discovery, will not support the
service-management mission?

It's very important, first
of all, that all of the data be represented. Historically, we’ve not
been able to do that because of performance. We've not been able to do
that because of complexities. So that’s the implementation gap that we
focus on, dropping in and making all of the stuff work seamlessly.

Same information

The benefit to that is that you’re operating as an organization on the same
piece of information, no matter how it’s consumed or where it’s
consumed. Your asset management folks would open their HP IT Asset
Manager, see the same information that is shown downstream at Service
Manager. When you model an application or service, it’s the same
information, the same CI managed with UCMDB, that keeps the entire
organization accountable. You can see the entire workflow through it.

If
you have the ability to bridge data, if you have multiple tools taking
the best of that information, making it an inherent automated part of
service management, means that you can do things like Incident and
Change, and Service Asset and Configuration Management (SACM) and roll up the costs of these tickets, and really get to the core of being efficient in service management.

Gardner:
John Stagaman, if we have rapid ITSM multiple device ease of interface,
but we also now have more of this drive towards the common data shared
across these different systems, it seems to me that that leads to even
greater paybacks. Perhaps it's in the form of security. Perhaps it's in a
policy-driven approach to service management and service delivery.

Any
thoughts about ancillary or future benefits you get when you do ITSM
well and then you have that quality of data in mind that is extended and
kept consistent across these different approaches?

The
ability to know what’s connected to your network can identify failure
points and chokepoints or risks of failure in that infrastructure.

Stagaman:
Part of it comes to the central role of CMDB and the universality of
that data. CMDB drives asset management. It can drive ITSM and the
ability to start defining models and standards and compare your live
infrastructure to those models for compliance along with discovery.

The
ability to know what’s connected to your network can identify failure
points and chokepoints or risks of failure in that infrastructure.
Rather than being reactive, "Oh, this node went down. We have to address
this," you can start anticipating potential failures and build
redundancy. Your possibility of outage can be significantly reduced, and
you can build that CMDB and build the intelligence in, so that you can
simulate what would happen if these nodes or these components went down.
What's the impact of that?

You can see that when you
go to build, do a change, that level of integration with CMDB data lets
you see well, if we have a change and we have an outage for these
servers, what's the impact on the end user due to the cascading effect
of those outages through the related devices and services so that you
can really say, well, if we bring this down, we were good, but oh, at
the same time we have another change modifying this and with those
together coming down we may interrupt service to online banking and we
need to schedule those at different times.

The latest
update we're seeing is the ability to put really strict controls on the
fact that this change will potentially impact this system or service and
based on our business rules that say that this service can only be down
during these times or may not be down at that time. We can even
identify that time period conflict in an automated way and require
additional process approvals for that to go forward at that time or
require a reschedule.

Gardner: Philipp, any
thoughts on this notion of predictive benefits from a good ITSM and good
data, and perhaps even this notion of an algorithmic approach to
services, delivery, and management?

Federation approach

Koch:
It actually nicely fits into one of our reference installations, where
that integration that Erik also talked about of having the data and
utilize the data in a kind of on-the-fly federation approach. You can no
longer wait to have a daily batch job to run. You need to have it at
your fingertips. I can take an example from an Active Directory integration where we utilized all the data from active directory to allocate roles and rights and access inside HP Service Manager.

We've
made a high-level analysis of how much we actually save by doing this.
By doing that integration and utilizing that information, we say that we
have an 80 percent reduction of manual labor done inside service
manager for user administration.

Instead of having a
technician to have to go into service manager to allocate the role, or
to allocate rights, to a new employee who needs access to HP Service
Manager, you actually get it automatic from Active Directory when the
user logs in. The only thing that has to be done is for HR to say where
this user sits, and that happens no matter what.

We've
drastically reduced the amount of time spent there. There's a tangible
angle there, where you can save a lot of time and a lot of money, mainly
with regards to human effort.

With big-data analytics, you'll be able to see that that manual change model is used often and it could be easily automated.

The
second angle that you touched on is smart analytics, as we can call it
as well, in the new solutions that we now have. It's cool to see, and we
now need to see where it's going in the future and see how much further
we can go with this. We can do smart analytics on utilizing all the
data of the solutions. So you're using the buzzword big data.

If we go in and analyze everything that's happening to a change-management area, we now have KPIs
that can tell me -- this an old KPI as such -- that 48 percent of your
change records have an element of automation inside the change
execution. You have the KPI of how much you're automating in change
management.

With smart analytics on top of that, you
can get feedback in your KPI dashboard that says you have 48 percent.
That’s nice, but below that you see if you enhance those two change
models as well and automate them, you'll get an additional 10 percent of
automation on your KPI.

With big-data analytics,
you'll be able to see that manual change model is used often and it
could be easily automated. That is the area that is so underutilized in
using such analytics to go and focus on the areas that actually really
make a difference and to be able to see that on a dashboard for a change
manager or somebody who is responsible for the process.

That
really sticks into your eye and says “Well, if I spend half an hour
here, making this change model better, then I am going to save a lot
more time, because I am automating 10 percent more." That is extremely
powerful. Now just extrapolating that to the rest of the processes,
that’s the future.

Gardner: Well Erik, we've
heard both John and Philipp describe intelligent ITSM. Do you have any
examples where some of your customers are also exploring this new level
of benefit?

We even used Business Service Management (BSM), but the thinking behind this was that this is a service-management project. It’s all about uniting different health agencies in British Columbia under one shared service.

The
configuration information is there. The asset information is there,
right down to purchase orders, maintenance contracts, all of the
parties, all of the organizations. The customer was able to identify all of their business services. This was all built in, normalized in CMDB, and then pushed into ITSM.

With this capability, they're able to see across these various organizations that roll-up in the shared service, who
the parties are, because people opening tickets don’t work with those
folks. They're in different organizations. They don’t have relevant
information about what services are impacted. They don't have relevant
information about who is the actual cost center or their budget. All
that kind of stuff that becomes important in a shared service.

The customer was able to identify all of their business services. This was all built in, normalized in CMDB, and then pushed into ITSM.

This
customer, from week six to their go-live day had the ability see, what
is allocated in assets, what is allocated in terms of maintenance and
support, and this is the selected service that the ticket, incident, or
change is being created upon.

They understood the
impact for the organization as a result of having what we call a
Configuration Management System (CMS), having all of these things
working together. So it is possible. It gives you very high-level
control, particularly when you put it into something like Executive
Scorecard, to see where things are taking longer, how they're taking
longer, and what's costing more.

More importantly, in a
highly virtual environment, they can see whether they're
oversubscribed, whether they have their budgeted amount of ESX servers,
or whether they have the right number of assets that are playing a part
in service delivery. They can see the cost of every task, because it's
tied to a person, a business service, and an organization.

They started
with a capability to do SACM, and this is what this case is really
about. It plays into everything that we've talked about in this call.
It's agile and it is out-of-the-box. They're using features from all of
these tools that are out-of-the-box, and they're using a solution to
help them implement faster.

They can see what we call “total efficiency of cost.” What am I spending, but really how is it being spent and how efficient is it? They can see across the whole lifecycle of service management. It’s beautiful.

Future trends

Gardner:
It’s impressive. What is it about the future trends that we can now see
or have a good sense of how the events fold that makes rapid ITSM
adoption, this common data, and this intelligent ITSM approach, all so
important?

I'm thinking perhaps the addition of mobile
tier and extensibility out through new networks. I'm thinking about
DevOps and trying to coordinate a rapid-development approach with
operations and making that seamless.

We're hearing a
lot about containers these days as well. I'm also thinking about hybrid
cloud, where there's a mixture of services, a mixture of hosting
options, and not just static but dynamic, moving across these
boundaries.

So, let's go down the list, as this would
be our last question for today. John Stagaman, what is it about some of
these future trends that will make ITSM even more impactful, even more
important?

Stagaman: One of the big shifts that
we're starting to see in self-service is the idea that you want to
enable a customer to resolve their own issue in as many cases as
possible. What you can see in the newest release of that product is the
ability for them to search for a solution and start a chat.

The other thing that we're seeing is the ability to bridge between on-premises system and SaaS solution.

When
they ask a question, they can check your entire knowledge base and
history to see the propose solutions. If that’s not the case, they can
ask for additional information and then initialize a chat with the
service desk, if needed.

Very often, if they say
they're unable to open this file or their headset is broken, someone can
immediately tell them how to procure a replacement headset. It allows
that person to complete that activity or resolve their issue in a guided
way. It doesn't require them to walk through a level of menus to find
what they need. And it makes it much more approachable than finding a
headset on the procurement system.

The other thing that
we're seeing is the ability to bridge between on-premises system and
SaaS solution. We have some customers for whom certain data is required
to be onsite for compliance or policy reasons. They need an on-premise
system, but they may have some business units that want to use a SaaS
solution.

Then, when they have system supported by
central IT, that SaaS system can do an exchange of that case with the
primary system and have bidirectional updates. So we're getting the
ability to link between the SaaS world and the on-premises world more
effectively.

Gardner: Philipp, thoughts from you
on future trends that are driving the need for ITSM that will make it
even more valuable, make it more important.

Connected intelligence

Koch:
Definitely. Just to add on to what John said, it goes into the
direction of the connected intelligence, utilizing that big data example
that we have just gone through. It all points towards that we want to
have a solution that is connected across and brings back intelligence
towards the end user, just as much as towards the operator that has that
integration.

Another angle, more from the technology
side, is that now, with the SaaS offerings that we have today, the new
way of going forward as I see it happening -- and the way I think HP has
made a good decision with HP Service Anywhere -- is the continuous
delivery. You're losing the aspects of having version numbers for
software. You no longer need to do big upgrades to move from version 9
to a version 10, because you are doing continuous delivery.

Every
time new code is ready to be deployed, it is actually deployed. You do
not wait and bundle it up in a yearly cycle to give a huge package that
means months of upgrading. You're doing this on the fly. So Service
Anywhere or Agile Manager are good examples where HP is applying that.
That is the future, because the customer doesn’t want to do upgrade
projects anymore. Upgrades are of the past, if we really want to believe
that. We hope we can actually go there.

Mobile
and bring your own device were buzzwords -- now it's already here. We
don’t really need to talk about it anymore, because it already exists.

You
touched on mobile. Mobile and bring your own device were buzzwords --
now it's already here. We don’t really need to talk about it anymore,
because it already exists. That’s now the standard. You have to do this,
otherwise you're not really a player in the market.

To
close off with a paradigm statement, future solutions need to be
implemented -- and we consultants need to deliver solutions -- that
solve end-user problems compared to what we did in the past, where we
deployed solutions manage tickets!

We're no longer in
the business of helping them and giving them features to more easily
manage tickets and save money on quicker resolution. This is of the
past. What we need to do today is to make it possible for organizations
to empower end users to solve their problems themselves to become a
ticket-less IT -- this is ideal world of course -- where we reduce the
cost of an IT organization by giving as much as possible back to the end
user to enable him to do self service.

Gardner:
Last word to you, Erik. Any thoughts about future trends to drive ITSM
and why it will be even more important to do it fast and do it well?

Engstrom: Absolutely. And in my worldview it's SACM. It's essentially using vendor strengths, the portfolio, the entire portfolio, such as HP’s Service and Portfolio Management (SPM), where you have all of these combined silos that normally operate completely independently of each other.

There
are a couple of truths in IT. Data is expensive to re-create; the
concept that you have knowledge, and that you have value in a tool. The
next step in the new style of IT is going to require that these tools
work together as one suite, one offering, so that your best data is
coming from the best source and being used to make the best decisions.

Actionable information

It's
about making big data a reality. But in the use of UCMDB and the HP
portfolio, data is very small, it's actionable information, because it's
a set of tools. This whole portfolio helps customers save money, be
more efficient with where they spend, and do more with “yes.”

So
the idea that you have all of this data out there, what can it mean? It
can mean, for example, that you can look and see that a business
service is spending 90 percent more on licensing or ESX servers or
hardware, anything that it might need. You have transparency across the
board.

Smarter service management means doing more with
the information you already have and making informed decision that
really help you drive efficiencies. It's doing more with “yes,” and
being efficient. To me, that’s SACM. The requirement for a portfolio, it
doesn’t matter how small or how large it is, is [that] it must provide
the ways for which this data can be shared, so that information becomes
intelligence.

Organizations
that have these tools will beat the competition. They will wipe them
out, because they're so efficient and so informed.

Organizations that have these tools will beat the competition at an SG and A (Selling, General and Administrative)
level. They will wipe them out, because they're so efficient and so
informed. Waste is reduced. Time is faster. Good decisions are made
ahead of time. You have the data and you can act appropriately. That's
the future. That's why we support HP software, because of the strength
of the portfolio.

Gardner: Well, great. I am
afraid we'll have to leave it there. We have been listening to a
sponsored BriefingsDirect Podcast panel discussion on how rapidly
advancing ITSM capability forms an IT imperative, and therefore bedrock,
business necessity. We've seen how a new wave of ITSM technologies and
methods allow for rapid ITSM adoption, and that means better, rapid
support of agile business.

Transcript
of a Briefings Direct podcast on how enterprises can benefit from the
newest IT service management methods and procedures. Copyright
Interarbor Solutions, LLC, 2005-2014. All rights reserved.